Search for vulnerabilities
Vulnerability details: VCID-v7qg-mqs6-g3e8
Vulnerability ID VCID-v7qg-mqs6-g3e8
Aliases CVE-2024-0749
Summary A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1021 Improper Restriction of Rendered UI Layers or Frames
CWE-346 Origin Validation Error
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0749.json
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.00301 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2024-0749
cvssv3.1 4.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
cvssv3.1 4.3 https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
cvssv3.1 4.3 https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2024-0749
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
cvssv3.1 4.3 https://www.mozilla.org/security/advisories/mfsa2024-01/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-01/
cvssv3.1 4.3 https://www.mozilla.org/security/advisories/mfsa2024-04/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2024-04/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0749.json
https://api.first.org/data/v1/epss?cve=CVE-2024-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0755
2259930 https://bugzilla.redhat.com/show_bug.cgi?id=2259930
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2024-0749 https://nvd.nist.gov/vuln/detail/CVE-2024-0749
mfsa2024-01 https://www.mozilla.org/en-US/security/advisories/mfsa2024-01
mfsa2024-01 https://www.mozilla.org/security/advisories/mfsa2024-01/
mfsa2024-04 https://www.mozilla.org/en-US/security/advisories/mfsa2024-04
mfsa2024-04 https://www.mozilla.org/security/advisories/mfsa2024-04/
msg00015.html https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
msg00022.html https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
RHSA-2024:0559 https://access.redhat.com/errata/RHSA-2024:0559
RHSA-2024:0565 https://access.redhat.com/errata/RHSA-2024:0565
RHSA-2024:0596 https://access.redhat.com/errata/RHSA-2024:0596
RHSA-2024:0598 https://access.redhat.com/errata/RHSA-2024:0598
RHSA-2024:0600 https://access.redhat.com/errata/RHSA-2024:0600
RHSA-2024:0601 https://access.redhat.com/errata/RHSA-2024:0601
RHSA-2024:0602 https://access.redhat.com/errata/RHSA-2024:0602
RHSA-2024:0603 https://access.redhat.com/errata/RHSA-2024:0603
RHSA-2024:0604 https://access.redhat.com/errata/RHSA-2024:0604
RHSA-2024:0605 https://access.redhat.com/errata/RHSA-2024:0605
RHSA-2024:0608 https://access.redhat.com/errata/RHSA-2024:0608
RHSA-2024:0609 https://access.redhat.com/errata/RHSA-2024:0609
RHSA-2024:0615 https://access.redhat.com/errata/RHSA-2024:0615
RHSA-2024:0616 https://access.redhat.com/errata/RHSA-2024:0616
RHSA-2024:0618 https://access.redhat.com/errata/RHSA-2024:0618
RHSA-2024:0619 https://access.redhat.com/errata/RHSA-2024:0619
RHSA-2024:0622 https://access.redhat.com/errata/RHSA-2024:0622
RHSA-2024:0623 https://access.redhat.com/errata/RHSA-2024:0623
show_bug.cgi?id=1813463 https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
USN-6610-1 https://usn.ubuntu.com/6610-1/
USN-6669-1 https://usn.ubuntu.com/6669-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0749.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0749
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-01/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-01/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2024-04/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-29T19:41:27Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-04/
Exploit Prediction Scoring System (EPSS)
Percentile 0.52997
EPSS Score 0.00301
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:09.344604+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-04.yml 37.0.0